Free Malware Removal Forum


Hi,
Looking for help with the above pop-ups as well as the IE pop-up install window which asks "....Would you like to install SysProtect to check your computer for free (recommended)..." which is impossible to shut down.

Firstly I tried Ewido (in Safe Mode), VundoFix and Smitfraud, as well as clearing cookies, history and temp internet files, but the pop-ups returned.

I then followed the instructions at "New to this board - Click here" at this site. This includes updating and running SpyBot S&D (which was already installed), Ad-Aware, Trojan Hunter, and on-line scans with housecall.trendmicro.com and security.symantec.com. The only thing I couldn't action was the report from symantec that "detected Adware.MaxSearch", as I couldn't find instructions on their site on how to remove it. Haven't seen the pop-ups since then but I'm suspicious they will return.

I'm Angelfire777 and it'll be my pleasure to assist you in your problem.

Researching Hijackthis logs could take some time, so please be patient while I research a fix for you.

Also, I have to let experts check my fixes first before bringing them to you.

Please observe these while we work:

1.) Please stick with this thread until we are finished, do not start a new topic here or start a new thread at other forums. Do not worry, we were trained to help and never give up until we get you all fixed up.

2.) Stop if you have questions!! Never proceed if something is unclear to you. We don't want to start all over again.

It is possible that some entries are hiding from us so I suggest that you rename hijackthis to something like HJT.exe

==========================

Please disable Trojan Hunter, as it may hinder the removal of some entries.

Before we start please go to TrojanHunter Guard in the lower right corner of your screen. It is a lightblue icon with a magnifying glass that can be difficult to see but the handle is red. Right click it and select settings. Uncheck "Load at startup" and "Enabled". Make sure that the program, TrojanHunter itself, is also closed/not running.
==========================

Open hijackthis > choose scan only > tick the boxes beside these entries in bold

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.

The program will launch and then start to download the latest definition files.

Once the scanner is installed and the definitions downloaded, click Next.

Now click on Scan Settings

In the scan settings make sure that the following are selected:

o Scan using the following Anti-Virus database:
  + Extended (If available otherwise Standard)
o Scan Options:
  + Scan Archives
  + Scan Mail Bases

Click OK

Now under select a target to scan select My Computer

The scan will take a while so be patient and let it run. Once the scan is complete it will display if your system has been infected.

Hi Angelfire777,
I have followed your instructions, below are the two logs. PC seems to be behaving pretty normally at the moment and there haven't been any pop-ups for a while. I'm hoping it has been sorted!

You can refer to this site HERE

==========================

Open Windows Explorer by hitting your windows key + E at the same time.
*If you do not have a windows key, double click my computer > click the folders icon

Then navigate to these files and delete them:

C:\Documents and Settings\Peter\.housecall\Quarantine << delete all the contents of that folder.
C:\Documents and Settings\Peter\Desktop\Vid Tools\XviD-1.0.2-Setup.exe
C:\Program Files\Common Files\Totem Shared\Update\dial.dll.015

Empty your recycle bin

Reboot into

==========================

then please post a new hijackthis log

Hi Angelfire777,
I have followed your latest instructions and the HJT log is below. It seems you may have been about to suggest to "reboot in to Safe Mode", but I assume that was just a pasting error and you intended for me to just reboot into normal mode?

BTW, both the volume and power scheduler icons have re-appeared in my systray, seems the ol' PC just needed a bit of a sleep.

I didn't realise that XviD contained a virus, I haven't used it for a long time so no great loss there anyway. Regards the "Totem" folder - do I in fact need the whole folder? I couldn't find out much about it by searching on Google.

Lastly, I think my PC protection needs a serious upgrade, I just realised that my McAfee Virus Scan 4.5.1 doesn't list support for XP, and in fact is no longer officially supported by McAfee (though it still seems to automatically update the virus definition files). What steps do you recommend I take?

Hi Angelfire777, I have followed your latest instructions and the HJT log is below. It seems you may have been about to suggest to "reboot in to Safe Mode", but I assume that was just a pasting error and you intended for me to just reboot into normal mode?

Yup that's right

I didn't realise that XviD contained a virus, I haven't used it for a long time so no great loss there anyway. Regards the "Totem" folder - do I in fact need the whole folder? I couldn't find out much about it by searching on Google.

If that folder contains nothing, you may delete it.

Lastly, I think my PC protection needs a serious upgrade, I just realised that my McAfee Virus Scan 4.5.1 doesn't list support for XP, and in fact is no longer officially supported by McAfee (though it still seems to automatically update the virus definition files). What steps do you recommend I take?

I suggest that you uninstall it because there might come a time when you can't update it anymore, and if you can't update an antivirus, it's good for nothing.

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older version Java components.

Close any programmes you may have running, ESPECIALLY your web browser

Click Start > Control Panel.

Click Add/Remove Programs.

Check any item with Java Runtime Environment (JRE or J2SE) in the name.

Click the Remove or Change/Remove button.

Repeat as many times as necessary to remove all versions of Java.

Reboot your computer once all Java components are removed.

Then download Java Runtime Environment 8, and install it to your computer.

==========================

* Make sure your hidden files and folders are still visible so that you can continue with the cleaning. To do this you need to double click my computer > tools > folder options > view > click show hidden files and folders > uncheck hide extensions for known file types > uncheck hide operating system files > then hit ok

* Clean out your TEMP FILES

* This procedure should be run from SAFEMODE for better results.

To Enter SAFEMODE

* Go to START/ SHUT OFF YOUR COMPUTER/ RESTART
* As the computer starts to boot-up, tap the F8 KEY somewhat rapidly, this will bring up a menu.
* Use the UP AND DOWN ARROW KEYS to scroll up to SAFEMODE
* Then press the ENTER KEY ON YOUR KEYBOARD

* Go to My Computer/ C: Drive/ Documents and Settings/ Local Settings/ Every User on this Computer and delete all the contents of the Temp Folder, but not the Temp folder itself.

* Go to My Computer/ C:/ Windows/ Temp and delete all the contents of the Temp Folder, but not the Temp folder itself.

* Go to My Computer/ C:/ Windows/ Prefetch and remove all the contents of the Prefetch Folder, but not the Prefetch folder itself.

You can take a look here to see how the Windows Prefetch folder works.

NOW RE-BOOT NORMALLY

Open INTERNET EXPLORER

Click on the TOOLS MENU

Then INTERNET OPTIONS

At the GENERAL TAB (which should be the first tab you are currently on),

click on the DELETE FILES BUTTON and put a checkmark in DELETE ALL OFFLINE CONTENT.

Then press the OK BUTTON . This may take quite a while, so do not be alarmed with how long it takes.

When it is done, your Temporary Internet Files will now be deleted.

Now Empty your Recycle Bin

System Restore makes regular backups of all your settings. If you ever had to use this program to restore your system to a previous date, you will be infected all over again, so we need to clean out the previous Restore Points.

Turn off System Restore.

Right-click My Computer.

Click Properties.

Click the System Restore tab.

Check Turn off System Restore on all Drives.

Click Apply, and then click OK.

Reboot your System

Turn ON System Restore.

Right-click My Computer.

Click Properties.

Click the System Restore tab.

UN-Check Turn off System Restore on all Drives.

Click Apply, and then click OK.

* Go to Start > Accessories > System Tools > System Restore > Create a New Restore Point
You can name the restore point anything you like, something that you can remember.

*hide system files:

Windows XP

Click Start.

Open My Computer.

Select the Tools menu and click Folder Options.

Select the View Tab.

Under the Hidden files and folders heading select Do not show hidden files and folders.

Check the Hide protected operating system files option.

Click Yes to confirm.

Click OK.

================================================

Here are some free programs that can help you improve your pc's security.

AntiVirus - Having one AntiVirus is a MUST in your system. If you do not have one, it is very important to get one right now. Here are some free but good AntiVirus:

*Download the install files, disconnect from internet, remove old one, install new one, and only connect to internet after installing the new one.

If you are using IE then I think it is time to change to Mozilla FireFox. Mozilla FireFox offers not only better security but it also has more features than IE

AntiSpyWare Applications - These programs will deal with the Adwares, Spywares, hijackers and dialers in your system. It is recommended that you download, install and run at least 2 Antispyware applications.

» Adaware - This is a great free program by Lavasoft. It deals with spyware cookies, spywares, hijackers, dialers in your system. This is a must have program to keep your computer secure.
~You can download it from here ~There is a tutorial on how to use Adaware properly here

» Spybot Search and Destroy - This is also a great Antispyware program by Patrick Kolla. It has a Tea-Timer feature which works like Spyware Guard. Use Tea-Timer only when you don't choose to install Spyware Guard.
~You can download it from here. Just choose a mirror and off you go. ~There is also a tutorial on how to use Spybot properly here

Note: Make sure you update them at least once every two weeks or once a week.

Anti-Trojans - Trojans are programs that appear clean, good and entertaining on the outside but are very destructive when you open them. Here are some free programs that deal with trojans:

» Ewido Anti-Malware - A very very good trojan detector. It is only a trial program and it offers realtime protection for 15 days and after that you can use its on-demand scanner for free. Remember to update its database after installing it.
~You can download it from here ~If automatic updates won't work you can download the manual updates here

» A-squared - This is also a great program from Emsisoft. This is a freeware and you can use it to scan your systems for trojans and other forms of malware.
~You can download it here

MVPS Hosts file - The MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer.
~You can get MVPS hosts file here

*****FOR MORE REALTIME PROTECTION*****

» Install SpyWare Blaster - It prevents the installation of ActiveX-based spyware, adware, browser hijackers, dialers, and other potentially unwanted software.
~You can download it from here ~You can read the tutorial on how to use Spyware Blaster here

» Install Spyware Guard - This is one of the best realtime protection programs that stops spyware before it is executed. It also prevents spyware from downloading in your system.
~You can download it from here ~You can read the tutorial on how to use Spyware Guard here

» Install WinPatrol - Also a necessary program because this alerts you if an unknown program tries to install and run in your computer with your notice/approval. Mostly detects malicious Active X and malicious java script files.
~You can download it from here

» IESpyAds - A nice little program that can add almost 5000 restricted sites to IE so you will not be redirected to those "bad" sites.
~You can download it from here ~If you want to know how IEspyads works you can take a look at it here

» Windows Update - Always check for updates of your operating system to keep yourself protected from its vulnerabilities.
~Get the updates from here

Remember: It is alright to have more than 3 antispyware applications and realtime protection but never more than 1 AntiVirus or more than 1 Firewall in your system. Always UPDATE your AntiVirus application and do a scan at least once a week together with your AntiSpyware applications to ensure that your system is clean.

Hi Angelfire 777,
Thanks for your detailed and helpful response. Haven't had a chance to finalise my PC as per your instructions yet as I'm out of town. Will do so in about 5 days. I might just post a new HJT log then too, if you don't mind having a quick look. It seems that strange flash of grey screen has returned, but no other problems noticed yet.

Do not bother contacting us if you are not the topic starter. A valid,
working link to the closed topic is required along with the user name used.
If the user name does not match the one in the thread linked, the email will be deleted.
